lokibot | fc38d73c4dd651a49817f58fe70cf00fca3b3e4b3c1c062c4fa816cb1d95565c | Triage

Submit
Reports

Overview

overview

Static

static

EA #44366209.docx

windows7_x64

EA #44366209.docx

windows10_x64

1

Sharing

General

Target

EA #44366209.docx
Size

10KB
Sample

210609-zx7j581tf2
MD5

9896dc7905c49361f0eb7185585d81a9
SHA1

2378ab96106c968c587f2ab85cf24fd57d040afd
SHA256

fc38d73c4dd651a49817f58fe70cf00fca3b3e4b3c1c062c4fa816cb1d95565c
SHA512

84204157fc9e66fea5684e53b9ee8cc09ea043099575136ddf2417eec9c4fda1634879bc3770771a671c682b65cd8b9a092b838e55c05c42fb7ba79ed8a49703

Score

10^/10

lokibot spyware stealer trojan websettings

Static task

static1

Behavioral task

behavioral1

Sample

EA #44366209.docx

Resource

win7v20210410

lokibot spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

EA #44366209.docx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://kabaka.ddns.net/udara/a.wbk

Extracted

Family

lokibot

C2

http://173.208.204.37/k.php/mvM4bZPtu0I2s

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  EA #44366209.docx
- Size
  
  10KB
- MD5
  
  9896dc7905c49361f0eb7185585d81a9
- SHA1
  
  2378ab96106c968c587f2ab85cf24fd57d040afd
- SHA256
  
  fc38d73c4dd651a49817f58fe70cf00fca3b3e4b3c1c062c4fa816cb1d95565c
- SHA512
  
  84204157fc9e66fea5684e53b9ee8cc09ea043099575136ddf2417eec9c4fda1634879bc3770771a671c682b65cd8b9a092b838e55c05c42fb7ba79ed8a49703
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy